Macha 5 hours ago

This was a constant problem with late Intel Macs where I was working at the time, to the point that people started explicitly using shut down enough to the point that security complained it was slowing down their patch rollouts.

Had some slack discussions with security about how their need for a green metric on patch deployment time doesn't entitle them to introduce a fire hazard to my personal residence...

da_chicken 5 hours ago | parent | next [-]

Yeah, the problem is that on Windows 10/11, if you have modern standby enabled and have fast boot enabled, then shutdown puts the system into standby.

vladvasiliu 3 hours ago | parent [-]

Do you have more info on this? It’s not at all the behavior I observe. After I shut down Windows, which I do basically every time I use it since I usually use Linux on that machine, it is completely off. Turning the PC on boots Linux (it’s first in the boot order).

It has modern standby and most of its other defaults, which I know because if it goes to sleep it doesn’t: the fan stays on and it never gets cold to the touch despite the blinking power LED. The other day it randomly installed the Windows update and rebooted because I found it waiting for the LUKS pin.

Telaneo an hour ago | parent [-]

Look up 'Fast Startup'. It's a thing since Windows 8. It's a curse onto humanity.

lloydatkinson 4 hours ago | parent | prev [-]

> Had some slack discussions with security about how their need for a green metric on patch deployment time doesn't entitle them to introduce a fire hazard to my personal residence...

How did this part go down? I'm just curious because it reeks of entitlement and security theatre on their part.

It reminds me of an incident I had once at an old job, surprise surprise security related, where a moronic decision had been made by the combined DevOps and security team (putting aside how a separate DevOps team is a bad idea).

They had decided to use some "dependency security scanner" and if it found ANY, it would immediately disable the CI/CD build pipeline for that repository.

1) This could happen at any point within minutes/hours of some CVE being published. It would frequently block deployments.

2) It could not/would not take into account developer tooling vulnerabilities. Oh, your CSS library has a string DDOS vulnerability, where if someone makes a ginormous CSS file, the library will crash?

3) The CSS library does not reach a user's machine, and is run once, at build time. Either it passes and deploys, or it fails and does not deploy. Therefore, it was probably not even justifiably a CVE to begin with, but more importantly, we now cannot deploy. https://old.reddit.com/r/cybersecurity/comments/1622xia/cve2...

4) The build pipeline would be disabled for ANY type of vulnerability regardless of impact. Even low ratings.

5) Because this security ~~scam~~ software did not care about nuance like that, we could not even deploy hotfixes, critical production fixes, bug fixes, or anything.

6) Because it would disable the pipeline within minutes of a CVE, there was never a fix or a newer version to upgrade a dependency to. We had to wait days or sometimes weeks for a new version to be released.

This lasted a couple of months before they were forced to remove all this crap.
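
The distinctions this comment says the scanner ignored (severity, build-time versus shipped dependencies, whether a fixed version exists yet) can be written as a gate policy. The sketch below is an added example, not part of the original comment and not any vendor's configuration; the `Finding` fields, the `high` threshold, the package names and the advisory ids are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SCOPES = ("runtime", "build")  # runtime ships to users; build runs only in CI

@dataclass(frozen=True)
class Finding:
    advisory: str            # constructed placeholder, not a real CVE id
    package: str             # hypothetical package name
    severity: str            # one of RANK
    scope: str               # one of SCOPES
    fixed_in: Optional[str]  # None while no patched release exists

def triage(f: Finding, block_at: str = "high") -> str:
    """Return 'block', 'warn' or 'ignore' for a single finding."""
    if f.severity not in RANK or f.scope not in SCOPES:
        return "block"  # fail closed on scanner output we cannot classify
    serious = RANK[f.severity] >= RANK[block_at]
    if f.scope == "build":
        # Never reaches a user's machine: report it, do not stop deploys.
        return "warn" if serious else "ignore"
    if not serious:
        return "warn"
    # Blocking is only actionable once there is a version to upgrade to.
    return "block" if f.fixed_in else "warn"

def gate(findings, block_at: str = "high"):
    """Return ('pass' | 'fail', per-advisory decisions) for one pipeline run."""
    decisions = {f.advisory: triage(f, block_at) for f in findings}
    status = "fail" if "block" in decisions.values() else "pass"
    return status, decisions

# Constructed sample scanner output.
SAMPLE = [
    Finding("EXAMPLE-0001", "css-build-lib", "medium", "build", None),
    Finding("EXAMPLE-0002", "http-client", "critical", "runtime", None),
    Finding("EXAMPLE-0003", "auth-lib", "high", "runtime", "2.4.1"),
    Finding("EXAMPLE-0004", "date-utils", "low", "runtime", "1.0.1"),
]

if __name__ == "__main__":
    status, decisions = gate(SAMPLE)
    print(status, decisions)
```

A `warn` result is meant to open a tracked triage item rather than be dropped; the serious runtime finding with no fix still needs a human decision on mitigation.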

lovich 3 hours ago | parent [-]

Did this software happen to rhyme with Veracode?

I won’t make the claim that it can’t be set up and configured in a way that’s useful, but I will make the claim that I’ve never run into an instance where it was and have wasted more time than I want to remember dealing with similar issues to what you described.